Our Blog

WordPress 4.4.2 Release: Bug, Fixes and Features

In 2 months since 4.4 Clifford’s release in December 2015, WordPress has released 2 major security updates, the second one a few hours ago (at the time of writing). This post lists those fixes and why you should update to 4.4.2 immediately (if you haven’t already).

The Fixes:
Two major security issues and 19 bugs (from versions 4.4 and 4.4.1) have been fixed in this release.

1. SSRF vulnerability fix: Server Side Request Forgery (SSRF) vulnerability lets an attacker access the local server that your WordPress is installed on.
2. Open redirection attack: Open redirection lets an attacker send a visitor to a WordPress site through a URL that contains a parameter which automatically redirects them to a different website. This is used in phishing attacks.

Why you should update immediately:
Now that the vulnerabilities are out in the open, even previously unaware attackers know of these vulnerabilities in WordPress, and they apply to every version before 4.4.2. A parameter in your website’s URL could currently be taking your visitors to a site of hacker’s choice.
Don’t leave things to chance and update as soon as possible.